I have had a couple of bizarre problems I have been banging my head on 
for quite some time. I am getting these errors on my policy server:

Jun 29 13:00:14 sdapp01 cfservd[1209]:  Denying repeated connection from ::ffff:192.168.1.31
Jun 29 13:00:14 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known
Jun 29 13:13:01 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known
Jun 29 13:13:04 sdapp01 cfservd[1209]:  Denying repeated connection from ::ffff:192.168.1.71
Jun 29 13:13:05 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known
Jun 29 13:30:02 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known
Jun 29 13:30:04 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known
Jun 29 14:00:01 sdapp01 cfservd[1209]:  Unable to lookup hostname (dj-int.int.mydomain.com) or cfengine service: Name or service not known

192.168.1.31 is djwww01 which produces this on the client side:

cfengine:: Challenge response from server 192.168.1.61/192.168.1.61 was incorrect!
cfengine:: Authentication dialogue with 192.168.1.61 failed
cfengine:: Challenge response from server 192.168.1.61/192.168.1.61 was incorrect!
cfengine:: Authentication dialogue with 192.168.1.61 failed
cfengine:djwww01: Protocol transaction broken off
cfengine:djwww01: Authentication dialogue with 192.168.1.61 failed
cfengine:djwww01: Challenge response from server 192.168.1.61/192.168.1.61 was incorrect!
cfengine:djwww01: Authentication dialogue with 192.168.1.61 failed
cfengine:djwww01: Received signal 13 (SIGPIPE) while doing [lock.cfagent_conf.djwww01.editfile._etc_postfix_main_cf_2475]
cfengine:djwww01: Logical start time Wed Jun 28 23:00:04 2006
cfengine:djwww01: This sub-task started really at Wed Jun 28 23:00:04 2006

It is intermittent. Often it works, occasionally it does not. Running it 
manually from the command line with cfagent -v always seems to work. I 
have cfexecd running and I have cfagent set to run out of cron at 13 
minutes past the hour. Why would it occasionally not auth?

I used to have a machine named dj-int. It has been gone for many weeks. 
Not in DNS. Not in any cfengine config file. I grepped all of these. I 
have restarted all of the daemons. The string "dj-int" does appear in 
the cf_lastseen.db on the policy server. If I do a cfshow --last-seen it 
appears the last seen db is corrupted and cfshow segfaults after it 
displays some data. I have rm'd it several times before and it always 
gets corrupted again.

sh-2.05b# cfshow --last-seen
168.1.61 (answered us) at [Mon Jul 13 23:15:28 1970] i.e. not seen for !315231.39! hours; <delta_t> = {9206790043811415040.00} hours
192.168.1.36 (hailed us) at [Wed Jun 28 12:13:01 2006] i.e. not seen for !26.43! hours; <delta_t> = {0.00} hours
y��@ g�D_ at [Mon Jul 13 22:11:28 1970] i.e. not seen for !315232.46! hours; <delta_t> = {0.00} hours
192.168.0.203 (hailed us) at [Sat Jun 24 07:13:03 2006] i.e. not seen for !127.43! hours; <delta_t> = {0.04} hours
Segmentation fault

So why is my lastseen.db getting corrupted? Where is dj-int coming from?

I am running Debian sarge with the cfengine package that comes with sarge:

ii  cfengine2      2.1.14-1sarge1 Tool for configuring and maintaining network

Maybe I should compile the latest cfengine from original source. But I 
hate just taking wild guesses at things like that and potentially 
destabilizing my otherwise working cfengine setup without having reason 
to believe it would solve the problem.


-- 
Tracy R Reed                  http://ultraviolet.org
A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
_______________________________________________
Help-cfengine mailing list
[email protected]
http://cfengine.org/mailman/listinfo/help-cfengine